<!doctype html>
<html lang="en">

<head>
	<meta charset="utf-8">

	<title>Markdown slide</title>

	<meta name="description" content="A framework for easily creating beautiful presentations using HTML">
	<meta name="author" content="Hakim El Hattab">

	<meta name="apple-mobile-web-app-capable" content="yes">
	<meta name="apple-mobile-web-app-status-bar-style" content="black-translucent">

	<meta name="viewport" content="width=device-width, initial-scale=1.0">

	<link rel="stylesheet" href="libs/reveal.js/4.1.3/reset.css">
	<link rel="stylesheet" href="libs/reveal.js/4.1.3/reveal.css">

	
	
	<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css">

	  <!-- highlight Theme -->
  	
	  <link rel="stylesheet" href="libs/highlight.js/11.3.1/styles/monokai.min.css">
	
	
		
	<link rel="stylesheet" href="libs/reveal.js/4.1.3/plugin/chalkboard/style.css">
	
	
	
		<link rel="stylesheet" href="libs/reveal.js/4.1.3/plugin/customcontrols/style.css">
	
	<link rel="stylesheet" href="libs/styles/tasklist.css">



  <!-- Revealjs Theme -->
  
  	<link rel="stylesheet" href="libs/reveal.js/4.1.3/theme/beige.css" id="theme">
  
  


  <!-- Revealjs Theme -->
  

 
</head>

<body>
  


  <div class="reveal">

    <!-- Any section element inside of this container is displayed as a slide -->
    <div class="slides">

      


    
        <section >
            
            <style type="text/css">
    p { text-align: left; }
    h2 { text-align: left; }
</style>
<p>网络攻防技术</p>

            </section>
    



    
    <section>
        <section >
            <h1>1. Internet基础</h1>

            </section>
        
            <section >
                <ul>
<li>
<p>MAC/IP/域名</p>
</li>
<li>
<p>（MAC） ARP  （IP）  DNS （域名）</p>
</li>
</ul>

            </section>
        
            <section >
                <h2>1.1. MAC与ARP</h2>
<ul>
<li>如何区分不同的通讯方：MAC（Media Access Control）：
<ul>
<li>硬件地址，48比特（6字节）</li>
<li>前24位：代表厂家
<ul>
<li>叫做组织唯一标志符（Organizationally Unique Identifier，即OUI），是由IEEE的注册管理机构给不同厂家分配的代码，区分了不同的厂家</li>
</ul>
</li>
<li>后24位：是由厂家自己分配的，称为扩展标识符</li>
</ul>
</li>
<li>如何发送数据给目的主机：目的MAC=要发送到的主机的MAC地址</li>
<li>如何知道对方主机的MAC：ARP</li>
</ul>

            </section>
        
            <section >
                <p><img src="images/2019-04-08-10-30-12.png" alt=""></p>

            </section>
        
            <section >
                <ul>
<li>为什么我们要给对方发数据却不知道对方的地址？
<ul>
<li>一般只知道IP。MAC太底层了。</li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <h2>1.2. TCP/IP与DNS</h2>
<ul>
<li>为什么我们要给对方发数据却不知道对方的地址？因为我们只知识对方的域名。
<ul>
<li>IP对非技术人员也太底层了。</li>
</ul>
</li>
</ul>
<p><img src="images/2019-04-15-17-07-18.png" alt=""></p>

            </section>
        
            <section >
                <p><img src="images/2019-04-15-17-09-47.png" alt=""></p>

            </section>
        
            <section >
                <ul>
<li>你的PC或手机的域名服务器是？</li>
<li>如何修改服务器？为什么要修改。</li>
<li>如果你的DNS用假IP应答会如何？</li>
</ul>

            </section>
        

    </section>
    



    
    <section>
        <section >
            <h1>2. 网络结构与通讯过程</h1>

            </section>
        
            <section >
                <h2>2.1. 相邻结点通讯</h2>
<p>凑齐：==目标MAC,源MAC；目标IP,源IP；目标端口,源端口 ==</p>

            </section>
        
            <section >
                <ul>
<li>IP
<ul>
<li>已知域名：使用DNS获取IP</li>
<li>直接使用IP</li>
</ul>
</li>
<li>端口
<ul>
<li>已知端口</li>
<li>动态协商或动态获取</li>
</ul>
</li>
<li>MAC
<ul>
<li>LAN <s>Gateway</s> WAN</li>
<li>静态路由表查阅目的MAC</li>
<li>ARP动态查询目的MAC</li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <h2>2.2. 网关与路由</h2>
<ul>
<li>目的MAC地址应该是谁？</li>
<li>源MAC地址应该是？</li>
</ul>
<pre><code class="language-sh">$ netstat -r
Routing tables

Internet:
Destination        Gateway            Flags        Netif Expire
default            192.168.31.1       UGSc           en0       
10                 10.38.19.53        UGSc          gpd0       
10.9.208/24        link#15            UC          vmnet2      !
10.38.19.53/32     link#13            UC            gpd0      !
118.229.255.32     192.168.31.1       UGHS           en0       
127                localhost          UCS            lo0       
192.168.31         link#5             UCS            en0      !

</code></pre>

            </section>
        
            <section >
                <h2>2.3. 集线器/交换机/路由器</h2>
<ul>
<li>集线器
<ul>
<li>物理层 电信号识别与中继</li>
</ul>
</li>
<li>交换机
<ul>
<li>链接层 背板 基于MAC转发</li>
</ul>
</li>
<li>路由器
<ul>
<li>网络层 路由 SNAT DNAT</li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <h2>2.4. VirtualNetwork</h2>
<ul>
<li>桥接</li>
<li>NAT</li>
<li>Host-only</li>
</ul>

            </section>
        
            <section >
                <h2>2.5. 移动网络</h2>
<p>VLAN与设备隔离。</p>

            </section>
        
            <section >
                <h2>2.6. 小结</h2>
<p>==目标MAC,源MAC；目标IP,源IP；目标端口,源端口 ==
==目标MAC,目标IP,目标端口；源MAC，源IP，源端口 ==</p>
<ul>
<li>问题
<ul>
<li>例1：你的主机和虚拟机Kali通讯，其发送的以下内容分别是？过程是？
<ul>
<li>目标MAC,源MAC,目标IP,源IP,目标端口,源端口</li>
</ul>
</li>
<li>例2：你的主机和打开百度网页，其发送的以下内容为？过程是？
<ul>
<li>目标MAC,源MAC,目标IP,源IP,目标端口,源端口</li>
</ul>
</li>
<li>例3：如果你不知道对方的域名，你可以和对方通讯吗？</li>
<li>例4：如果你不知道对方的IP，你可以和对方通讯吗？</li>
</ul>
</li>
</ul>

            </section>
        

    </section>
    



    
    <section>
        <section >
            <h1>3. 协议安全性分析与案例</h1>

            </section>
        
            <section >
                <h2>3.1. TCP/IP协议安全性</h2>
<p><img src="images/2019-04-25-10-52-00.jpg" alt=""></p>

            </section>
        
            <section >
                <h2>3.2. ARP原理欺骗</h2>

            </section>
        
            <section >
                <h3>3.2.1. ARP缓存</h3>
<ul>
<li>如果每个发送IP Packet都要执行一次 ARP, 网络将是不可承受的</li>
<li>ARP缓存机制
<ul>
<li>Static: arp -s</li>
<li>Dynamic: 根据ARP应答更新</li>
</ul>
</li>
<li>ARP应答并非都是由请求触发的
<ul>
<li>主机启动时会主动发送ARP应答刷新邻居的ARP缓存</li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <h3>3.2.2. ARP协议安全问题</h3>
<ul>
<li>ARP广播请求／应答</li>
<li>ARP缓存</li>
<li>ARP欺骗 (ARP Spoofing)
<ul>
<li>发送伪造ARP消息，对特定IP所对应的MAC地址进行假冒欺骗，从而达到恶意目的。</li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <p><img src="images/2019-04-25-10-28-07.png" alt=""></p>
<blockquote>
<p>小作业:使用ARP攻击你的主机，记录结果。</p>
</blockquote>

            </section>
        
            <section >
                <h2>3.3. IP源地址欺骗</h2>
<ul>
<li>原理：
<ul>
<li>发送数据包时，使用假的源IP地址</li>
<li>网关、路由器、防火墙一般都不检查源IP地址</li>
</ul>
</li>
<li>分类：
<ul>
<li>Online IP Spool</li>
<li>Offline IP Spool</li>
</ul>
</li>
<li>应用：
<ul>
<li>冒充受信主机，发起连接</li>
<li>DDos</li>
<li>现状：<a href="https://spoofer.caida.org/summary.php">https://spoofer.caida.org/summary.php</a></li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <ul>
<li>易受攻击的服务:
<ul>
<li>RPC (Remote procedure call services)</li>
<li>Any service that uses IP address authentication</li>
<li>The X Window System</li>
<li>The R services suite (rlogin, rsh, etc.)</li>
</ul>
</li>
<li>防范：
<ul>
<li>网络级：在各级路由启用源地址过滤</li>
<li>应用级：应用层身份认证
<ul>
<li>开销：为防一人感冒，全家不停吃药</li>
</ul>
</li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <ul>
<li>Spooler项目
<ul>
<li><a href="https://www.caida.org/projects/spoofer/">https://www.caida.org/projects/spoofer/</a></li>
<li>开发一个测试程序，让自愿者使用
<ul>
<li>发源地址欺骗的包给项目主机，看是否能到达目的</li>
<li>项目主机发源地址有问题的包（和目标主机同网段），看目标主机能否收到
<img src="images/2019-04-25-09-35-05.png" alt="https://www.caida.org/projects/spoofer/"></li>
</ul>
</li>
</ul>
</li>
</ul>
<blockquote>
<p>小作业:使用IP源地址欺骗技术发送数据包，你的主机和网关会正确发出包吗？</p>
</blockquote>

            </section>
        
            <section >
                <ul>
<li>Online IP Spoof</li>
</ul>
<p><img src="images/2019-04-25-08-51-09.png" alt="Online IP Spoof"></p>
<blockquote>
<p>GF &amp; 作业</p>
</blockquote>

            </section>
        
            <section >
                <ul>
<li>Offline IP Spoof</li>
</ul>
<p><img src="images/2019-04-25-08-51-59.png" alt="Offline IP Spoof"></p>

            </section>
        
            <section >
                <p>案例1：？？</p>
<p><img src="images/2019-04-25-08-26-04.png" alt=""></p>
<p><a href="https://en.wikipedia.org/wiki/IP_address_spoofing">引用自wiki</a></p>

            </section>
        
            <section >
                <p>案例2：ICMP Echo + 广播地址 + 源地址欺骗</p>
<p><img src="images/2019-04-25-08-44-22.png" alt="ICMP Echo"></p>

            </section>
        
            <section >
                <p><img src="images/2019-04-25-08-44-36.png" alt="DDos"></p>

            </section>
        
            <section >
                <h2>3.4. DNS原理与欺骗</h2>
<ul>
<li>真服务器假数据
<ul>
<li>服务器做假</li>
<li>服务器被攻击</li>
</ul>
</li>
<li>假服务器假数据
<ul>
<li>结合中间人攻击
<ul>
<li>LAN内使用APR攻击实现</li>
</ul>
</li>
</ul>
</li>
</ul>
<p><img src="images/2019-04-25-09-29-12.png" alt=""></p>

            </section>
        

    </section>
    



    
    <section>
        <section >
            <h1>4. 综合实践</h1>
<ul>
<li>目标：了解网络欺诈的原理，提高安全意识
<ul>
<li>Site Clone</li>
<li>DNS Spooling</li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <h2>4.1. Apach2设置与启停</h2>
<ul>
<li>service apache2 start/stop</li>
</ul>

            </section>
        
            <section >
                <h2>4.2. 使用SET工具集</h2>
<ul>
<li><code>setoolkit</code>
<ul>
<li><code>1) Social-Engineering Attacks</code>
<ul>
<li><code>2) Website Attack Vectors</code>
<ul>
<li><code>3) Credential Harvester Attack Method</code>
<ul>
<li>
<ol>
<li>Web Templates</li>
</ol>
</li>
<li>
<ol start="2">
<li>Site Cloner</li>
</ol>
</li>
<li>
<ol start="3">
<li>Custom Import</li>
</ol>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>
</li>
</ul>

            </section>
        
            <section >
                <h2>4.3. Ettercap 与 DSNSpoof</h2>
<p>修改DNS配置</p>
<p>more /etc/ettercap/etter.dns</p>
<p>…
<a href="http://xxx.edu.cn">xxx.edu.cn</a> A 192.168.20.240
…</p>

            </section>
        
            <section >
                <ul>
<li>启动DNS_spoof</li>
</ul>
<pre><code>
- `ettercap -G`
  - Sniff
    - Unified Sniffing
  - Hosts
    - Scan for hosts
  - Hosts
    - Hosts List
      - 这其实是个中间人攻击，Kali是中间人，被攻击是两台正常通讯的主机
      - 所以分别将靶机的网关IP和靶机的IP加入target1和target2
  - Plugins
    - Manage the Plugins
      - 双击 dns_spool</code></pre>

            </section>
        
            <section >
                <ul>
<li>在靶机中ping <a href="http://xxx.edu.cn">xxx.edu.cn</a></li>
<li>结合二维码、短域名等技术</li>
<li>抓包分析其工作过程与原理</li>
</ul>

            </section>
        
            <section >
                <h2>4.4. 防范措施</h2>
<ul>
<li>可行性分析
<ul>
<li>例举出生活中可能碰到的中间人攻击的场景</li>
<li>例举DNS欺骗可能的场景</li>
</ul>
</li>
<li>识别与防范
<ul>
<li>https与域名IP认证</li>
<li>MITM的局限性</li>
</ul>
</li>
<li>Online威胁与Offline威胁</li>
</ul>

            </section>
        
            <section >
                <p>wifi热点钓鱼：</p>
<ul>
<li>搭一个热点供人接入</li>
<li>搭建若干网站的登陆网页（set clone）</li>
<li>简单版本：进行DNS欺骗将用户引导到假网站</li>
<li>智能版本：将用户先引导到假网站，用户输完用户名密码后，报错并引导到官方网站。这样用户不会觉察。</li>
</ul>

            </section>
        

    </section>
    


    </div>


  </div>

  	
	<script src="libs/reveal.js/4.1.3/reveal.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/zoom/zoom.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/notes/notes.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/search/search.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/markdown/markdown.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/highlight/highlight.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/menu/menu.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/math/math.js"></script>

	<script src="libs/reveal.js/4.1.3/plugin/fullscreen/plugin.js"></script>
  
  	<script src="libs/reveal.js/4.1.3/plugin/animate/plugin.js"></script>
  	<script src="libs/reveal.js/4.1.3/plugin/animate/svg.min.js"></script>
  
  	<script src="libs/reveal.js/4.1.3/plugin/anything/plugin.js"></script>
	  <script src="libs/reveal.js/4.1.3/plugin/anything/Chart.min.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/anything/d3/d3.v3.min.js"></script>				
	<script src="libs/reveal.js/4.1.3/plugin/anything/d3.patch.js"></script>			
	<script src="libs/reveal.js/4.1.3/plugin/anything/d3/queue.v1.min.js"></script>		
	<script src="libs/reveal.js/4.1.3/plugin/anything/d3/topojson.v1.min.js"></script>		
	<script src="libs/reveal.js/4.1.3/plugin/anything/function-plot.js"></script>

 <!--	<script src="libs/reveal.js/4.1.3/plugin/audio-slideshow/plugin.js"></script>  -->
<!--	<script src="libs/reveal.js/4.1.3/plugin/audio-slideshow/recorder.js"></script>-->
<!--	<script src="libs/reveal.js/4.1.3/plugin/audio-slideshow/RecordRTC.js"></script>-->

<script src="libs/reveal.js/4.1.3/plugin/chalkboard/plugin.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/customcontrols/plugin.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/embed-tweet/plugin.js"></script>

	<script src="libs/reveal.js/4.1.3/plugin/chart/chart.min.js"></script>
	<script src="libs/reveal.js/4.1.3/plugin/chart/plugin.js"></script>

  <script>

		const printPlugins = [
			RevealNotes, 
			RevealHighlight,
			RevealMath,
			RevealAnimate,
			RevealChalkboard, 
			RevealEmbedTweet,
			RevealChart,
		];

		const plugins =  [...printPlugins,
		RevealZoom, 
		RevealSearch, 
				RevealMarkdown, 
				RevealMenu, 
				RevealFullscreen,
				RevealAnything,
				//RevealAudioSlideshow,
				//RevealAudioRecorder,
				RevealCustomControls, 
				// poll
				// question
				// seminar
				 ]


		// Also available as an ES module, see:
		// https://revealjs.com/initialization/
		Reveal.initialize({
			controls: true,
			controlsTutorial: true,
			controlsLayout: 'bottom-right',
			controlsBackArrows: 'faded',
			progress: true,
			slideNumber: false,
			//#showSlideNumber "all" "print" "speaker"
			hash: true,//#  hash: false,
			//# respondToHashChanges: true,
			//# history: false,
			keyboard: true,
			//#keyboardCondition: null,
			overview: true,
			center: true,
			touch: true,
			loop: false,
			rtl: false,
			//#navigationMode: 'default', linear grid
			shuffle: false,
			fragments: true,
			fragmentInURL: false,
			embedded: false,
			help: true,
			//#pause: true
			showNotes: false,
			autoPlayMedia: false, // TODO fix this to a nullable value
			//#preloadIframes: null. true false
			//#autoAnimate: true
			//#autoAnimateMatcher: null,
			//#autoAnimateEasing: 'ease',
			//autoAnimateDuration: 1.0,
			//#autoAnimateUnmatched: true
			//#autoAnimateStyles: []
			autoSlide: 0, // TODO fix this to a falseable value
			autoSlideStoppable: true,
			autoSlideMethod: '0',
			defaultTiming: 120,
			mouseWheel: false,
			//#previewLinks: false
			//#postMessage: true,  // TODO : this can cause issues with the vscode api ???
			//#postMessageEvents: false,
			//#focusBodyOnPageVisibilityChange: true,
			transition: 'slide',
			transitionSpeed: 'default',
			backgroundTransition: 'fade',
			//#pdfMaxPagesPerSlide: Number.POSITIVE_INFINITY,
			//#pdfSeparateFragments: true,
			//#pdfPageHeightOffset: -1,
			viewDistance: 3,
			//#mobileViewDistance: 2,
			display: 'block',
			//#hideInactiveCursor: true,
			//#hideCursorTime: 5000

			// Parallax Background
			parallaxBackgroundImage: '',
			parallaxBackgroundSize: '',
			parallaxBackgroundHorizontal: 0,
			parallaxBackgroundVertical: 0,
			
			//Presentation Size
			width: 960,
			height: 700,
			margin: 0.04,
			minScale: 0.2,
			maxScale: 2,
			disableLayout: false,

			audio: {
				prefix: 'audio/', 	// audio files are stored in the "audio" folder
				suffix: '.ogg',		// audio files have the ".ogg" ending
				textToSpeechURL: null,  // the URL to the text to speech converter
				defaultNotes: false, 	// use slide notes as default for the text to speech converter
				defaultText: false, 	// use slide text as default for the text to speech converter
				advance: 0, 		// advance to next slide after given time in milliseconds after audio has played, use negative value to not advance
				autoplay: false,	// automatically start slideshow
				defaultDuration: 5,	// default duration in seconds if no audio is available
				defaultAudios: true,	// try to play audios with names such as audio/1.2.ogg
				playerOpacity: 0.05,	// opacity value of audio player if unfocused
				playerStyle: 'position: fixed; bottom: 4px; left: 25%; width: 50%; height:75px; z-index: 33;', // style used for container of audio controls
				startAtFragment: false, // when moving to a slide, start at the current fragment or at the start of the slide
			},
			
			chalkboard: { // font-awesome.min.css must be available
					//src: "chalkboard/chalkboard.json",
					storage: "chalkboard-demo",
				},
			
			customcontrols: {
					controls: [
      						{
						  id: 'toggle-overview',
						  title: 'Toggle overview (O)',
						  icon: '<i class="fa fa-th"></i>',
						  action: 'Reveal.toggleOverview();'
						}
						,
						{ icon: '<i class="fa fa-pen-square"></i>',
						  title: 'Toggle chalkboard (B)',
						  action: 'RevealChalkboard.toggleChalkboard();'
						},
						{ icon: '<i class="fa fa-pen"></i>',
						  title: 'Toggle notes canvas (C)',
						  action: 'RevealChalkboard.toggleNotesCanvas();'
						}
				]
			},
			chart: {
					defaults: { 
						color: 'lightgray', // color of labels
						scale: { 
							beginAtZero: true, 
							ticks: { stepSize: 1 },
							grid: { color: "lightgray" } , // color of grid lines
						},
					},
					line: { borderColor: [ "rgba(20,220,220,.8)" , "rgba(220,120,120,.8)", "rgba(20,120,220,.8)" ], "borderDash": [ [5,10], [0,0] ] }, 
					bar: { backgroundColor: [ "rgba(20,220,220,.8)" , "rgba(220,120,120,.8)", "rgba(20,120,220,.8)" ]}, 
					pie: { backgroundColor: [ ["rgba(0,0,0,.8)" , "rgba(220,20,20,.8)", "rgba(20,220,20,.8)", "rgba(220,220,20,.8)", "rgba(20,20,220,.8)"] ]},
					radar: { borderColor: [ "rgba(20,220,220,.8)" , "rgba(220,120,120,.8)", "rgba(20,120,220,.8)" ]}, 
			},
			math: {
				mathjax: 'https://cdn.jsdelivr.net/gh/mathjax/mathjax@2.7.8/MathJax.js',
				config: 'TeX-AMS_HTML-full',
				// pass other options into `MathJax.Hub.Config()`
				TeX: { Macros: { RR: "{\\bf R}" } }
				},
				anything: [ 
				{
		className: "plot",
		defaults: {width:500, height: 500, grid:true},
		initialize: (function(container, options){ options.target = "#"+container.id; functionPlot(options) })
	 },
	 {
		className: "chart",  
		initialize: (function(container, options){ container.chart = new Chart(container.getContext("2d"), options);  })
	 },
	 {
		className: "anything",
		initialize: (function(container, options){ if (options && options.initialize) { options.initialize(container)} })
	 },
					],
			// Learn about plugins: https://revealjs.com/plugins/
			plugins: (window.location.search.match(/print-pdf/gi) ? printPlugins : plugins ) 
		});
			


	    // Change chalkboard theme : 
		function changeTheme(input) {
			var config = {};
			config.theme = input.value;
			Reveal.getPlugin("RevealChalkboard").configure(config);
			input.blur();
		}

		// // Handle the message inside the webview
        // window.addEventListener('message', event => {

        //     const message = event.data; // The JSON data our extension sent

        //     switch (message.command) {
        //         case 'refactor':
        //             Reveal.toggleHelp();
        //     }
        // });

		if (window.location.search.match(/print-pdf-now/gi)) {
      		setTimeout(() => {
				window.print();
			  }, 2500);
			
    }
		

	</script>

</body>

</html>